Security vulnerabilities video conferencing app Zoom have revealed the danger of putting blind faith in big tech’s coronavirus solutions. Zoom was riddled with privacy issues for years, and its competitors aren’t much better.
With more than half of humanity under some form of lockdown, those lucky enough to keep their jobs have gotten to grips with video conferencing apps, with Zoom the most popular. According to Zoom CEO Eric Yuan, the app had 200 million daily users in March, up from 10 million just three months earlier.
However, it didn’t take long for problems to emerge.
First, “zoom-bombers” discovered public video chats and jumped in, hijacking them. In one case, swastika-tattooed scoundrels interrupted a classroom session to spout profanities, prompting the FBI to issue a warning.
Passwords keep the Zoom-bombers out, but even savvy users aren’t safe. According to a Friday report by the Washington Post, thousands of recorded meetings and calls have been exposed online. The paper claimed to have seen people’s names and phone numbers, financial statements, and children’s personal details – as well as “deeply intimate conversations” and nudity.
These recordings weren’t exposed on Zoom’s own cloud storage service. Rather, users who saved the recordings before uploading them to other, unsecure, storage sites were vulnerable, due to the fact that Zoom names every such video the same way. As such, anyone with the right search tools could scour the internet for files named, for example ‘Zoom_1’ and find a trove of recordings.
Zoom markets itself on accessibility, and does not assign these recordings a randomized name, nor does it prompt users to rename their recordings manually. For a secure experience on Zoom, users literally have to consult online guides.
The Post’s report caused waves online, and on the same day it was published, 19 Democratic lawmakers sent Yuan a letter asking the CEO to clarify the app’s data collection and sharing policies.
In Friday’s blog post, Zoom vowed to address these issues. But those looking for alternatives to the app have a mixed bag to choose from. Skype and Google Hangouts, as well as up and coming apps like Jitsi and Houseparty aren’t end-to-end encrypted, and Apple’s Facetime has its own history of privacy snafus.
On the flipside, apps that market themselves on security, like Signal, lack the ease of use and functionality of Zoom, a sticking point for companies adjusting to remote work.
Privacy issues weren’t quite as big a deal when teleworking was an option, and when colleagues wanting secrecy could duck into a conference room instead of booting up their computers from home. But amid a raging pandemic, these issues are being pushed to the forefront.
Congress has, in appearance at least, sided with the user. In addition to the letter sent to Yuan by the House Democrats on Friday, a group of Democratic Senators have grilled Apple on the data collection policy of its new coronavirus screening app and website, and sent questions to the Alphabet company about its own COVID-19 screening program. However, previous efforts by Congress to hold Facebook and Google accountable were half-hearted at best.
Moreover, think tanks and scientists have lobbied Washington to enlist tech companies to develop surveillance tools to fight the pandemic. Should the situation in the US – where more than 300,000 are infected and over 8,000 dead – worsen significantly, Washington could throw privacy concerns to the wind.